I've heard a few variants of this over the years, the idea that printers are so simple it really is trivial to read a print job from memory and so on, still - being able to set them on fire is poor design. Oh wait, its HP. Never mind then, probably for the best.

I would also point out the usual sweeping under the carpet of the whole getting the user to open a document with malicious code, once you have achieved that you probably don't need to go to the lengths of hacking the printer to get to personal data.